IT Security Today

 

Prior to the WannaCry attack in May 2017, many companies in Singapore thought that their sites had nothing worth hacking for and, as such, neglected the upkeep of their IT security. However, bad as it may sound, the majority of compromised sites and servers are not attacked in order to steal from or deface your site, but to use your server as a source of spam mail or as storage for software that serves illegal purposes.

Commonly, compromised servers are also often used as part of a botnet or to mine bitcoin.

As such, today's blog post covers a few common exploits, as well as tips to safeguard your websites from black hat hackers.

1. SQL INJECTION

SQL injection is basically an attack in which hackers use a web form, such as a login form, to insert specific code to gain access to or manipulate your database. When standard Transact-SQL is being used, one can just use ' OR '1'='1' -- to gain access to one's database. To fix this, one should always explicitly parameterise one's queries.

2. XSS

Also known as Cross-Site Scripting, XSS works by injecting malicious JavaScript into your pages, which will in turn be run by your users. XSS is scary because it steals your users' login cookies, allowing all the users who viewed the comment to be attacked. XSS is becoming more worrying because sites nowadays are built mainly around user content.
One should always consider using a tool such as XSS defender, which is a content security policy: a header that, when inserted, tells browsers to limit how and what JavaScript can be executed in the page, e.g. disallowing JavaScript that is not hosted on your domain.

3. Error Message

Information in your error pages and error messages may give you away. Provide only minimal errors to your users, to ensure they don’t leak secrets present on your server (e.g. API keys or database passwords). Don’t provide full exception details either, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs, and show users only the information they need.

So there you go: these 3 IT security tips should ensure your site is protected from entry-level hackers, better known as script kiddies. In the next security blog post we will talk more about the comprehensive attacks that mid- to high-level hackers use on sites.

For those who are more concerned, 8 GB Technologies is providing a free website audit to help you better understand what vulnerabilities are found in your website.

Let us all keep the internet safe for our users.
Cheers,
8 GB Technologies

Comments 3

  1. I have been browsing on-line more than three hours these days, but I by no means found any interesting article like yours. It is pretty value enough for me. In my opinion, if all site owners and bloggers made excellent content as you probably did, the web will likely be a lot more useful than ever before.

  2. What’s up to every body, it’s my first pay a visit of this blog; this website consists of remarkable and actually fine stuff for visitors.

  3. Hi there Dear, are you really visiting this website on a regular basis, if so then you will without doubt obtain good knowledge.
